About: FAQ

SANS Training/Education

Can I earn Continuing Professional Education credits, CPEs?

CISSP members can fill in their CISSP ID# when they register for conference training and SANS will submit a request to CISSP for the attendee to receive credit for SANS CPEs earned.

If you participated in training other than conference training, such as the Mentor Program, SANS OnDemand or vLive!, you may logon to your account and download a copy of your certificate of completion. CPEs are not awarded for recertification.

SelfStudy students can obtain a Certificate of Completion when the corresponding SANS OnDemand Bundle or GIAC certification exam attempt has been successfully completed. When the OnDemand Bundle is not available for a SelfStudy course, downloading all course mp3 files is the requirement for obtaining the SelfStudy Certificate of Completion. To obtain a SelfStudy Certificate of Completion, you must email selfstudy@sans.org.

How many credits do I earn for ISC2 Continuing Education when I take a SANS course?

You earn 1 CPE credit for ISC2 per hour of SANS training. A conference usually lasts 6 days for 6 hours a day, which would be 36 credits. Students can earn CPE credits through the Mentor Program, Securing The Human, vLive!, OnDemand, Onsite, and Conferences.

SANS will submit CPE credits to ISC2 if you enter your CISSP# when registering.

What are Job-based and Skill-based courses?

Job-Based (Long) Courses

These courses address a range of skill sets including entry level information security and broad based security essentials, as well as advanced subject areas like audit, intrusion detection, incident handling, firewalls and perimeter protection, forensics, hacker techniques, and Windows and Unix operating system security.

Can I get a certificate of attendance for a webcast I attended?

Certificates of attendance for webcasts can be found by clicking on "My Webcasts" under "Account Details" on your account dashboard.

How can I prove that I attended the webcasts as I need to show proof of attendance for CISSP?

Certificates of attendance for webcasts can be found by clicking on "My Webcasts" under "Account Details" on your account dashboard.

How do I apply for the Gold certification?

Once an individual has earned GIAC Silver Certification, an option will appear in their Account Dashboard (https://www.sans.org/account/) to apply for GIAC Gold. This option will only be available for as long as the individual maintains a valid GIAC Silver Certification. The individual has to maintain their GIAC Silver Certification while working on their GIAC Gold Certification. To apply for GIAC Gold Certification, an individual must complete the application form in the Account Dashboard. The more initial information that is provided, the more likely it can be accepted promptly. Once the concept is accepted, the individual will need to pay the registration fee and will be contacted by their assigned GIAC Gold Adviser within 5 business days to begin setting the path to completion. The complete timeframe to complete the technical paper is six months.

What is SANS Training?

SANS Training provides a core set of educational courses designed to help you master the practical steps necessary for defending your systems and networks against the most dangerous threats - the ones being actively exploited. The courses were developed through the community consensus of hundreds of administrators, security managers, and information security professionals, and address both security fundamentals and the in-depth technical aspects of the most crucial areas of information security. SANS Training courses can be taken on their own, or to help you prepare for the GIAC Certifications.

What SANS Training tracks/courses are available?

Where can I take SANS courses?

Where can I find information about the SANS Masters Programs?

The URL for the SANS Technology Institute is http://www.sans.edu

Can I transfer a SANS course and GIAC Certification into the Master's program of SANS Technology Institute?

SANS courses and GIAC Certifications that are related to the curriculum of the SANS Technology Institute's Master's Degree program can be grandfathered into the Master's program provided that the GIAC Certification is current and the related Silver exam scores average 80 or higher. In addition, as an important prerequisite to admission to the Master's Program, applicants must already hold a current GIAC Gold Certification (written paper) in at least one major Certification related to the Master's curriculum with related Silver exam scores averaging 80 or higher.

How do the tracks/courses relate to each other?

The courses are designed to be taken either independently, or in series. Students can take individual courses to focus on specific areas of interest or responsibility. Or, courses can be taken sequentially, to provide a progressive education in information security, from basic concepts to in-depth technical knowledge.

Do I have to take SANS Security Essentials courses before I take any Subject Area courses?

No. SANS Security Essentials is a good starting point if you are new to security, or if you want a broad overview of security topics as opposed to focusing on a specific technology, but it is not a prerequisite. Students are free to take any courses in any order that they like.

Of the different methods to take SANS training, which one is best?

The method that is best for you will depend on a number of factors, including time, cost, and how you learn best. Some students prefer conferences because the material is presented live, in a short period of time, and you can interact directly with an instructor to ask questions. Some prefer online training because it is convenient and you can work at your own pace, though it takes discipline to make the time in your schedule to learn the material. Others prefer the Mentor Sessions as they are smaller classes; taught at a slower pace and in a local setting.

What is SANS OnDemand?

SANS OnDemand is the world's leading provider of e-learning for information security professionals. With OnDemand you can access more than 40 SANS courses whenever and wherever you want from your PC/laptop (Windows, Mac, and UNIX) or iPad. You can read more at: http://www.sans.org/ondemand/

What is SANS Self Study?

For the motivated student who enjoys working independently we offer the SANS SelfStudy program. Students receive SANS course books (and CDs when applicable) and online access to MP3 files of SANS' world-class instructors teaching the material. You can read more at: http://www.sans.org/selfstudy/

What is SANS vLive!?

SANS vLive allows you to attend SANS courses from the convenience of your home or office. Simply log in at the scheduled times and join your instructor and classmates in an interactive virtual classroom. You can read more at: http://www.sans.org/vlive

What is the difference between Live Conferences and Community SANS?

SANS offers both National and Regional Conferences which may feature additional evening talks, Vendor expo and lunch activities and the networking opportunity with many other attendees.

Community SANS takes the exact same content you would get at conferences on the road to your local community. The size of the class is smaller (approximately 20 people). With this live, local training you may have little to no travel time or costs, offering you more value for your training budget.

Community SANS events offer their own advantages (smaller class vs. more people, lower travel/hotel cost vs. additional activities) and of course schedule or travel can sometimes be the determining factor. These community events feature fully trained SANS instructors who are real world practitioners. The events are held in various locations around the world and offer you the opportunity to network with professionals from your own local community.

What is the @Work Program?

These are Mentor lead classes at your workplace. Classes usually can be scheduled to work around your organization's needs as they can meet over multiple sessions, days, evenings and even weekends! Visit: http://www.sans.org/mentor/at-work for more information or contact atwork@sans.org.

Are there any prerequisites for the courses?

There are no official prerequisites. However, students should be aware of the technical level of the course they wish to take. Information Security Officer training is intended as an introductory level track for those just getting started in security. SANS Security Essentials is a basic level course, targeted at students who have at least some familiarity with security concepts, networking, and operating system administration. To test your knowledge of TCP /IP see www.sans.org/conference/tcpip_quiz.php.

What is the SANS Partnership Series?

The SANS Institute is the leading provider of information security training and the trusted source for information security certification and research. Part of the SANS mission is to ensure that information security practitioners in critical organizations have the skills needed to protect national security.

The SANS Partnership Series is an outreach program created to provide highly discounted training to support constituencies that have:

A clear impact on national security

Large numbers of information security practitioners

Budget constraints that limit access to necessary training

Current eligible critical constituencies include:

Educational Institutions

State & Local Law Enforcement

State & Local Government

Developing Nations/International Partners to the US

The secret to this successful program is cost reduction realized by delivering the courses to large classes (125 or more).

What is the Upcoming Schedule for the Partnership Series?

Please visit our https://www.sans.org/partnership/ page for a list of classes.

What is COINS?

COINS is the acronym for Community Of Interest for Network Security. It was developed as a way of supporting local professional information and cyber security groups by offering SANS instructors and SANS Content to local InfoSec Chapters all over the U.S and Canada. We support associations like: Information System Security Association (ISSA), Information Systems Audit and Control Association (ISACA) , High Tech Crimes Association (HTCIA), Infragard and others.

We provide you with one of our qualified SANS Instructors that can teach on various topics. For more information on how we can work with your organization. For more information on scheduled training events, go to http://www.sans.org/coins/.

What is Private Training?

For groups of 25 students or more, we can deliver training directly to your organization in person, virtually or both. With ease of delivery and turn-key options, Private Training solutions from SANS allow you to save on travel while getting world class training on location. Visit: http://www.sans.org/private-training for more information.

How does SANS handle the visually impaired or deaf?

SANS Institute is committed to assisting course participants subject to disabilities. SANS will provide the following at no additional cost to the employers of participants with disabilities: an additional seat in the classroom and an additional set of course materials for Auxiliary Aides and/or the course notes in computer-readable format, as requested by the participant's employer. The employer of the participant shall be responsible for all other costs of any necessary accommodation, including arranging and paying for Auxiliary Aides. The employer may call (301) 654-7267 or email registration@sans.org to request that SANS Institute make the arrangements for Auxiliary Aides and bill the costs to the employer. It is the responsibility of the employer to confirm with SANS all such arrangements at least four weeks before the course.

Can I transfer my self study or online course materials to another student?

You cannot transfer, share or give your self study material to another person. The following is noted when you access your course material through your account.

I understand that my license to use SANS electronic course materials is exclusively for my individual professional development. I will not transfer nor will I allow others to use the course materials or the test questions. I will not use any part of this material for teaching others nor will I incorporate it, nor allow it to be incorporated, in any other training materials or publications, electronic or print, without prior specific written consent of the SANS Institute."

Can I use the information I obtained in training for a College paper?

We appreciate your inquiry and you can cut out a paragraph or two at a time from the books but we ask that you don't duplicate full pages of the course material. Please give SANS reference where it is used.

Can you tell me how many certified students you have in specific countries?

At this point in time we are unable to give out geographical information on certified students. That may change, but for now, it's the case.

What is the difference between Silver and Gold certification?

GIAC Gold will distinguish itself from the existing exam-only 'GIAC Silver' certification by requiring candidates to complete a technical report covering an important area of security related to the certification the student is seeking. After completing the exams necessary to pass the GIAC Silver certification, students will have the option to pursue the GIAC Gold Certification. Candidates will work closely with an adviser through the process of developing their technical report. Once complete, the technical report will be reviewed for acceptance into the SANS Reading Room and the student earning GIAC Gold. All GIAC certified professionals who previously completed a practical assignment under the old GIAC requirements are already considered GIAC Gold certified.

Can I get college credit for taking SANS courses?

The SANS Institute is not an accredited educational institution that issues college credits that can be transferred. However, applicable SANS courses and GIAC Certifications can be grandfathered into the Master's Program of SANS Technology Institute as described above. Also, some other colleges offer degrees that accept life experience and other training for credit; so please check with individual schools to see if they will accept training for credit from the SANS Institute since it is known for the quality of its training.

Are CPE credits submitted to ISC2 as Type A or B?

All credits are submitted as Type A credits.

What is a Bootcamp Session?

Bootcamp sessions are evening hands-on sessions that allow students to utilize the knowledge gained throughout the course in an instructor-led environment. Laptops are required.

Are Bootcamp sessions optional?

Bootcamp sessions are optional, but highly recommended, especially for students who are attempting certification. These hands on sessions reiterate what students learn during the day sessions.

For SEC 401 are laptops required ALL DAY or only for the Bootcamp sessions in the evenings?

Students only need laptops in the evening for the hands-on labs during bootcamp. The 9am to 5pm class is lecture only.

What is the purpose of the CISSP Bootcamp?

The CISSP Bootcamp is utilized to take the 10 domain quizzes, grade them and then discuss the right and wrong answers. The quizzes are done with pencil and paper. No laptop is required,

What is the comparison between CISSP and GIAC?

The primary difference is that the CISSP focuses on concepts, which is of course essential. GIAC covers concepts, but focuses more on the practical skills needed to apply those concepts on the job. Another difference is that you must be a security professional with a minimum of three years of experience in the field before you are even allowed to sit for the CISSP. There is no experience requirement to sit for any of the GIAC certifications. Additional information on GIAC can be found at the FAQ link, above, or the GIAC home page at http://www.giac.org/.

General Info

How do I upgrade my iPad to iOS 4.3 to enjoy a more stable, better performing iPad?

Here are the instructions for upgrading your iPad to iOS 4.3.

Connect your iPad to your computer.

Open iTunes on your computer.

You should see a message stating that a new iPad software version (4.3) is available.

If you see this message, click "Download and Update".

If the message does not appear, click on your iPad under the Devices heading in the left panel of iTunes. Under the Summary tab, click the "Update" button. You will see a message that iTunes will update your iPad to iOS 4.3 and verify the update with Apple. Click the "Update" button.

In the iPad Software Update window that appears, click Next then agree to the Software License Agreement.

Wait for the Update process to complete.

Disconnect your iPad from your computer.

Where does the courseware come from?

Our courseware is created by our leading instructors and are updated on a regular basis as technology evolves. OnDemand is also proven to be one of the most effective ways for preparing for GIAC certifications ( https://www.giac.org/certifications ).

What courses are available via SANS OnDemand?

If I have a specific question about the materials the instructor is presenting or about the hands-on materials, who can I contact? Will there be accessibility to an instructor via email or phone?

Each class has an OnDemand Subject Matter Expert who the student will have email access to during the course. To contact the OnDemand Subject Matter Expert, please send your questions in an email to ondemandvirtualmentor@sans.org.

Registration/Tuition

Does SANS have a volume discount program?

For organizations with multiple employees taking SANS training courses, the SANS Voucher Program is an easy to use, flexible training management solution. Based on the number of anticipated students and investment, you may be eligible to receive, from SANS, bonus funds. Your investment and bonus funds can be used for classroom and online training, and can also be used to purchase GIAC certifications. Visit our Voucher Program page for more details and to contact SANS.

Are SANS courses eligible for the United States GI Bill?

GI Bill funding and veterans education benefits (including tuition payments and housing/book stipends, when applicable) are available to students enrolled in any of the advanced degree programs of the SANS Technology Institute, the regionally-accredited, independent, graduate school subsidiary of SANS. Nearly all of the technical courses in those programs incorporate SANS classes and GIAC certifications. In addition, the costs for most GIAC certification exams are also eligible for reimbursement. See http://www.giac.org/overview/faq.php#165 for details. However, individual SANS classes taken directly from SANS and not as part of a graduate course and program are not eligible for GI Bill funding.

Can I add certification after the conference?

Students have until 1:00pm on the last day of a conference to add certification for $689.

Can I send someone in my place if I cannot attend a conference that I registered for?

You may substitute another person in your place at any time by e-mailing registration@sans.org

Can I switch classes at the conference if I find it's not for me?

We do have a policy that if you attend the first day's class and want to switch it can be done on site. It has to be done on the first day but we also allow students to scan the course material at the bookroom to see if it would be a good fit for them to attend later on in the week. The only catch is we cannot switch if a class sells out.

Does SANS send out letters of invitation?

Students should be able to attend based on the information provided from their registration. We no longer send letters of invitation.

I don't want to enter my credit card information on the registration form. Can I call in my credit card payment?

Credit card payments can be made by telephone. First complete the on-line registration form, and select Credit Card by fax or phone as the payment method. After you receive your invoice number, call (301) 654-SANS (7267) to provide your credit card details.

My credit card was denied. Can you tell me why?

You will need to contact your credit card company to resolve the issue. We are not given any other information other than whether it is charged or denied.

My credit memo expired can I still use it towards training?

If your credit memo expires you can no longer use it towards payment of a course. Credit memos must be used by their expiration date.

We are a Tax exempt organization. How do we receive the tax exempt price?

Place your order and then email store@sans.org and ask to have the tax removed. Be sure to include the store order number in the request and do it promptly after placing the order.

What do I need to do once I arrive for training at the conference?

E-mail alerts will be sent to you before the conference with registration times, registration locations, and laptop requirements (if applicable). Upon your arrival all you will need to do is check in at the SANS registration desk. To check in you will need to present a photo ID. At the registration desk you will receive your SANS badge, applicable course materials, and information you will need while you are at the conference.

What is the deadline to register for the certification when attending a conference?

The deadline to add or drop GIAC certification from your SANS conference registration is the last day of the conference. If you decide to add GIAC exams after you register, contact the SANS registration office (registration@sans.org or 301-654-SANS(7267) ).

What payment options are available for SANS training?

What will happen if I can't attend the entire conference?

It is not a problem with SANS if it is not a problem with the student. Students will have to pay for the entire track and will be given all the course materials for the entire track; but if the student is unable to come the last day or any of the other days, and still wants to participate in the track - that's fine.

Will SANS accept purchase orders other than US federal government and Canadian government purchase orders?

The SANS Institute expects payment in advance for all courses. If you are an employee of the United States federal government or the Government of Canada, you are permitted to submit a valid purchase order or federal training authorization form in advance as your prepayment.

SANS does not accept state, provincial, corporate, or university purchase orders as prepayment for training. Your tuition fee must be paid in advance by check, bank transfer, or credit card. We realize that your organization may still need to use a purchase order internally as part of the payment process. To obtain an invoice for your accounts payable department, please take the following steps:

Register for your training online. At the end of the registration process, you will be prompted to print your own invoice. Please do this.

Take the unpaid invoice to your accounts payable department so that they can match the purchase order with this invoice and generate payment to SANS by check, credit card, or bank transfer.

Please remember that SANS must receive your tuition payment prior to the start of your course.

How do I register?

Go to http://www.sans.org/sans_training.php and select the training you would like to register for.

Complete the online registration form. (SANS does not take registrations by phone.) Even if you prefer not to submit your payment information online, you should still complete the online form. Offline payment options are available once the online form is completed and you have your invoice number.

Print your own invoice at the end of the online registration process.

An immediate e-mail confirmation is sent to you when the registration is submitted properly. If you have not received e-mail confirmation within two business days of registering, please call the SANS Registration office at 301-654-SANS(7267). You may also contact us by e-mail at registration@sans.org.

How much does the training cost?

Registration fees vary depending on what type of training format you choose, what track/course you choose, location you choose, and when you register & pay. In order to find out how much the track/course fee is you can do one of two things:

Check the "Tuition Information" section on the web page for the specific location/type of training you chose.

**Check the on-line registration page for the fees and cut off dates.

Does SANS offer any work-study programs?

The SANS Work Study Program provides a means for students to attend a SANS conference track at a much reduced rate in exchange for working at the conference and assisting with written technical work. Students are still responsible for any costs associated with food, lodging, and transportation. For information, see http://www.sans.org/training/volunteer.php

How can I get a copy of my invoice or receipt?

You can logon to your Account Dashboard at https://www.sans.org/account/ with your email address that you registered with.

If you do not remember your password, you can use the "Forgot Your Password? Reset Password" to reset it.

Then click onto the "Attendance History" link in the upper right hand corner.

You will be able retrieve a copy of your INVOICE/RECEIPT

Can you send me a copy of my invoice?

Yes, we can fax or email a copy of your invoice. Please send an email to registration@sans.org, and include your name and invoice number.

What is your refund policy for conference attendees?

If you find that you cannot attend a conference and you have no one to replace you, please submit your refund request in writing to registration@sans.org.
To find the specific deadline dates for your conference please go to the conference link on our webpage, http://www.sans.org and then go to the cancellations link on the Attendee Info page. Please pay attention to the last date that refunds will be given.

SANS and GIAC - How they fit together

If I take the course, do I have to take the certification?

No. SANS Training and GIAC Certification are separate programs (though they are related). SANS Training is intended to provide students with the best available education in the key areas of information security. GIAC Certification is designed to provide an objective "benchmark" to show that an individual meets a minimum standard of skill and knowledge, for people who want to demonstrate this ability for themselves, or for a current or prospective employer. Students do not have to take the certification if they take the course, though they have the option to do so.

How does GIAC Certification fit with SANS Training?

GIAC certification was developed to help the industry by providing a standard that not only tested theoretical knowledge but also the ability to apply that knowledge in real life. SANS training is organized in tracks that correspond to the various subject areas of the GIAC certification program provides certification in. The training is developed independently from the certification process to ensure that those attending SANS training are well rounded in the area they have chosen to train in, and not just learning how to pass a test.

Where do I find the GIAC FAQ?

SANS Account Dashboard

How do I listen to the audio files?

The audio files can be listened to with any MP3 player you choose. Information on WinAmp is available as it tends to be the most popular MP3 player. However, most default installations of the Microsoft Windows operating system include the Windows Media Player (WMP) which will work just as well. It is recommended that you only choose to "stream" the audio if you have a high bandwidth connection to the internet.

I forgot my SANS account password. What do I do?

Go to the login page at https://www.sans.org/account/login. At the bottom the login page is the "Reset Password" link located by the text "Forgot Your Password?" Click this and follow the directions.

How do I access my SANS Self Study files?

I purchased SANS Self Study with Certification or a GIAC Challenge certification. How do I access my Practice Exams that were included as part of my certification package?

There are two ways to access your practice exams. The first is to access the practice exams is to log into your Account Dashboard and click the "Practice Exams" link located next to the "Bookstore Orders" link on your main page. Secondly you can log into your SANS account at https://www.sans.org/account/. Then click the "Bookstore Orders" link. On this page is the following: Practice Exams Click here to access your practice exams.

I can't find my certification exams link or audio files in my account, where are they? Be sure that you are logging on with the email address that you registered with.

Where are the PDF's in my account, can you tell me how to access them?

Pdf documents are no longer available. Hard copies of the course books were provided to you at the conference or mailed to you for online training. Through your account you'll have access to mp3 recordings (when available) of your course being presented at a recent conference. You can download the mp3s. Some people like to burn these to a CD or put on their Ipod to listen on their commute or while traveling. You'll have access to the mp3s in your account for a six month period.

SANS Web Site

Can I use material from SANS web site or a SANS published work in a dissertation, research paper, or other scholarly work?

You may use SANS copyrighted material in a scholarly work as long as it is properly referenced (you must give the material a footnote or endnote citing SANS and the source). Under US Copyright Law, you do not need permission to include small amounts of copyrighted material in a learning exercise. However, your paper may not be copied for distribution outside your classroom without violating copyright law.

How do I read the SANS Training Matrix (home page)?

The SANS Training Matrix lists all upcoming conferences and training opportunities. The matrix lists all events down the left side by location/type of training. To the right of the events there is a grid with what tracks/course are offered at that particular event. To get detailed information on an event simply click on the event name/location. To get detailed information on a track/course click the icon in the grid corresponding to the track/course you are interested in. The is a key to the icons on the matrix at: http://www.sans.org/index.php#key

How do I sign up to receive updates from SANS?

SANS offers several security newsletters and other update mailings designed to keep you informed of both industry security information and SANS training and participation opportunities. To sign up for these updates go to http://www.sans.org/newsletters.

I'm looking for specific information, where's the best place to start?

The majority of information on the SANS site is accessible directly from the SANS home page. There are links to all major areas of the site at the top of the page, and a detailed training matrix a little further down on the home page. The training matrix gives easy access to all conference and training information, including: conference locations, tracks/courses offered, course descriptions, hotel and travel information (in applicable), fees, and registration.

There is also a site search engine available in the top right corner of most pages on the SANS web site, the search engine that lets you search the entire SANS web site to locate the information you need.

Is it OK to post information from the SANS web site on my own web site?

Information posted at the SANS web site is protected by copyright and is not to be reproduced at other web sites, except where noted otherwise. If you wish to share information from the SANS web site with students, employees or others, you may post or link the URL where the information is found.

May I include information from the SANS web site in materials that will be printed?

Information posted at the SANS web site is protected by copyright and is not to be reproduced without permission. If you working on a book and want to use small quantities of our online material that is properly credited, you may request permission by sending us the pertinent sections of the draft manuscript.

What is the Information Security Reading room?

The Information Security Reading Room is a collection of papers that explore in-depth, various areas of computer and information security. This is a community resource that is free to all.

Where can I find the SANS PGP Key?

Where is the best place to find new information/events?

All information and events that are new to the SANS web site are listed at http://www.sans.org. New training events are also listed on the SANS Training Matrix at http://www.sans.org and are indicated with a "New - Just Added" icon.

Why is my paper not posted in the SANS InfoSec Reading Room?

By submitting your practical to GIAC, you are giving us the right to post it on our web site. We are also giving you the opportunity to be published. All certified students can find their practicals posted under the appropriate certification listing here: http://www.giac.org/certified_professionals/. Naturally some papers are stronger or hold more community value than others. The best of the papers will also be placed in the Reading Room, although it is mostly made up of GSEC papers. It is an honor to be posted there beyond the listing of all students.

Miscellaneous

How can I contribute to SANS Community Projects?

SANS has several projects that you can get involved in, including:

S.C.O.R.E (http://www.sans.org/score/ )

Local Mentor Program. Candidates who have taken SANS training and received GIAC certification in their subject are eligible to act as Mentors for their community or within their organization. In designated cities where it has been determined that there is sufficient interest and we are able to locate an available qualified mentor and an acceptable venue, we may choose to form a class. Each class exists only for the duration of the applicable course and usually involves 10 meetings with the mentor and the other students to discuss the material, ask and answer questions, and help each other prepare for certification. If you are interested in becoming a Mentor, please contact Scott Weil at sweil@sans.org

What is SANS' policy on press passes?

SANS requires the press to submit in a proposal beforehand about the article they wish to write along with proof of credentials. Only writers or editors will be accepted and freelance writers must provide some proof of their assignment on letterhead from the publication's editor. Publishers and salespeople will not be given press passes. Seats are limited and a $500 refundable deposit is required at registration. To receive back your deposit the actual article must be submitted to SANS and feature a direct link to our web site at www.sans.org. Books will not be given with the course but can be purchased at our bookstore. Distribution of press passes are at the discretion of SANS and can be done by contacting Brian Correia either by e-mail at brian@sans.org or via fax at 703-830-0520.

What vendor opportunities does SANS have for exhibits/advertising?

SANS has many opportunities for vendors to get involved, from conference expositions, to monthly webcasts, newsletters, and more! For full details on all the vendor opportunities SANS has to offer see http://www.sans.org/vendor.

Why is SANS attacking me from http://rr.sans.org/firewall/egress.php?

Snort (http://www.snort.org ) is an open-source IDS tool. One of the default Snort rules for identifying bad traffic is:

The "alert ip any any 127.0.0.0/8 any" portion says to generate an alert on IP traffic to or from any 127.x.x.x address. The "msg:" attribute contains the text of the alert. The "reference:" field can contain one or more references to external sites with information about this kind of traffic.

In this case the reference includes the URL to a SANS Reading Room document which contains information about egress filtering on your network.

We have received a number of questions asking why we are attacking folks and it has almost always been the case that the person asking why SANS was attacking them was using the Kerio personal firewall. Kerio appears to use the Snort engine and default rules for their IDS capability. They also seem to be badly mangling the information in this specific signature so you think that they are reporting an attack from SANS.

The correct answer is that someone sent a probe/attack to your IP address and forged the source address to be 127.x.x.x.

If you are getting these attacks/probes at home on a cable/DSL connection, you cannot really do anything to prevent them. Your personal firewall is doing what it should to protect your individual computer. If you are getting these attacks/probes at work, then talk to you network administrators about adding ingress filters to block this traffic.

Can SANS recommend a security consultant?

Several of our instructors are consultants and you can read their bios at: http://www.sans.org/instructors.php

How can I teach for SANS?

In order to teach for SANS one must first hold an active GIAC certification with an 85% or higher in the class they are interested in leading. Interested applicants can read more and apply by visiting: http://www.sans.org/mentor/teach

Acceptable Use Policy for SANS/GIAC Mailing Lists

BY SUBSCRIBING TO A SANS OR GIAC MAILING LIST YOU AGREE TO ABIDE BY THIS ACCEPTABLE USE POLICY. IF YOU DISAGREE WITH THE TERMS OF THE ACCEPTABLE USE POLICY, YOU MAY IMMEDIATELY UNSUBSCRIBE FROM THE MAILING LIST BY SENDING AN EMAIL TO THE LIST ADMINISTRATOR.

PURPOSE: The mailing lists provide an open, generally un-moderated environment intended to foster communication, debate, and the advancement of thought.

TECHNICAL SERVICES PROVIDED THROUGH THE MAILING LIST HOST - E-mail that allows subscribers to communicate with peers throughout the world and engage in group discussions related to relevant security and technical matters.

SANS LIMITATION OF LIABILITY

SANS is not responsible for the accuracy or quality of the information obtained through or stored on the system.

SANS does not assume liability for damages incurred resulting from use of this mailing list.

DUE PROCESS

In the event there is an allegation that a subscribed member violated this Acceptable Use Policy, the subscriber will be provided with notice of the alleged violation.

The list Administrator may terminate account privileges of a member for violations of this Acceptable Use Policy.

SANS will cooperate fully with local, state, or federal officials in any investigation concerning or relating to any illegal activities conducted through the SANS mailing list and web site.

SECURITY

Members are responsible for the use of their individual account and should take all reasonable precautions to prevent others from accessing their account. Under no conditions should a user provide their mailing list account password to another person.

Users will immediately notify the list Administrator if they identify a possible security problem.

Users will not repost a message received from the mailing list in another forum without permission of the originating author.

ETIQUETTE

Subscribers will be courteous and respectful of other list members. Use of obscene or inflammatory language will be grounds for removal from the mailing list.

Subscribers will adhere to the SANS and GIAC Codes of Ethics.

Subscribers will make an effort to strip excessive email headers or other non-pertinent information prior to either posting a forwarded email, or replying to an email.

Subscribers will not post any message that attacks the integrity, veracity or dignity, directly or indirectly, of any other subscriber-member.

Subscribers will not use the list as a venue for airing SANS/GIAC customer service issues. Formal channels exist for resolving day-to-day customer service issues, as well as appeals and complaints, and such matters are not within the scope of this list.

Subscribers will refrain from posting any of the following forms of personal or restricted data or links to sites with this data: